Postfix Connection Timeout for Outgoing Mail - Port 25 is ***not*** blocked by ISP

Time:12-30

Many similar questions have been asked here, but most have the issue of port 25 being blocked by a cloud provider (e.g. DigitalOcean) or the ISP (e.g. Xfinity). I have neither of these problems, but still can't send outgoing mail.

I try to send outgoing mail, but get this error from postfix/smtp:

connect to alt2.gmail-smtp-in.l.google.com[142.250.152.27]:25: Connection timed out

I am running Postfix from a spare laptop that is running Ubuntu Server, so I know it isn't a problem with a cloud provider. Additionally, I have Google Fiber, and they do not block any ports, including port 25. Just as a test, when I telnet to the above address, I can successfully connect.

$ telnet alt2.gmail-smtp-in.l.google.com 25
Trying 2607:f8b0:4001:c56::1a...
Connected to alt2.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP x17si5369573iow.10 - gsmtp

Any ideas what the final blocker is? The one thing I can think of is my postfix main.cf variables below might need tweaking. Also, FYI I am running the postfix server in a Docker container.

mydestination = localhost.$mydomain, localhost
# Static IP of Google Fiber router that is externally facing to WAN
proxy_interfaces = X.X.X.X

CodePudding user response:

After some digging, I looked up my hostname on Realtime Blackhole Lists, or RBLs, and discovered that my hostname and therefore mail server were being rejected as spam by any mail server that checks the public RBLs.

The solution to this was to set up SPF, DKIM, and DMARC through my DNS provider. Each of these plays a role in reducing hostname spoofing, spam email, and other malicious activities. There are many tutorials online on how to do this.

SPF is Sender Policy Framework. This is used to prevent others from spoofing your domain.

DKIM is DomainKeys Identified Mail. This allows the senders to authenticate their emails by including a digital signature in the email header. DKIM uses public-key cryptography to verify that an email message was sent from an authorized mail server.

DMARC is Domain-based Message Authentication, Reporting & Conformance, which builds on SPF and DKIM to prevent domain spoofing.
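
An added example, not part of the original answer: it builds the DNS name a blocklist lookup resolves for a sending IP and checks SPF and DMARC TXT records for mistakes that leave a domain unauthenticated. The zone dnsbl.example.org, the addresses and the records are constructed placeholders; substitute the list you query and your own published records.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNS name to resolve to ask a blocklist about `ip` (RFC 5782):
    reversed octets (IPv4) or reversed nibbles (IPv6), then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def lint_spf(txt_records):
    """Problems in a domain's TXT records that break or neuter SPF."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero: no policy; several: receivers return permerror
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    problems = []
    if not any(t.lstrip("+-~?") == "all" or t.startswith("redirect=") for t in terms):
        problems.append("no 'all' mechanism or redirect= to end the policy")
    if "+all" in terms or "all" in terms:
        problems.append("'+all' lets any host send as this domain")
    return problems

def lint_dmarc(txt):
    """Problems in the TXT record published at _dmarc.<domain>."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {k.strip().lower(): v.strip() for k, v in
            (p.split("=", 1) for p in parts if "=" in p)}
    problems = []
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        problems.append("first tag must be v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    elif policy == "none":
        problems.append("p=none only monitors; failing mail is still delivered")
    return problems

# Constructed sample values (documentation address ranges, example.org names).
if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.25", "dnsbl.example.org"))
    print(lint_spf(["v=spf1 ip4:192.0.2.25 -all"]))
    print(lint_spf(["v=spf1 mx", "v=spf1 a -all"]))
    print(lint_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.org"))
```

An address is listed when the generated name resolves (typically to a 127.0.0.x answer) and not listed when the lookup returns NXDOMAIN.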
